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Tne New 


Hust Standard 


Explicit. Pervasive. Verifiable. 


Managing business imperatives an feel 
like a balancing act. With such high stakes, trust needs 
to be more than a feeling. Organizations and their 

customers need a benchmark for assessing whether / $- 
a product or service is trustworthy. Because once-you «* 4 Sp 
trust your protection, you can reach new heights. yk 


What makes a trusted partner? What makes a solution trustworthy? 
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Profile of a 
Trusted Partner 


How can you be confident that your business 
and those that you work with are trustworthy? 
A trusted partner weaves security into the 
very fabric of their business—transparently 
communicating how they secure their data, 
processes, products, services and employees 
to deliver true pervasive security. 


Work with third parties and open source Implement a Secure 
communities to improve security Development Lifecycle (SDL) 


zz 
Meet global Manage, secure and Secure the Require ongoing employee 
certification standards protect customer data supply chain security education 


Transparent Accountable 


Clearly map the flows and explain Ethical and predictable 
the usage of customer data response to security 
incidents 


Equal and simultaneous Publish all government 24/7 security incident Quick detection and 
access to requests for customer response team remediation of product 
security vulnerability data vulnerabilities 
information 


Provide timely and Enable customers to Admit when mistakes Timely, actionable 
actionable breach verify code and are made and work to and simultaneous 
notifications development artifacts make things right notification of bug fixes 
in a dedicated, secure and security patches 


environment 


Is Cisco a trusted partner? You decide. 


What makes 
a solution 
trustworthy? 


A trustworthy solution is one that does 
what it is expected to do in a verifiable 
way. When assessing whether a product 
or service is trustworthy, consider how 
the building blocks of foundational security 
are explicitly proven. 


Sie 


Security should be considered from the product design phase, not as 
an afterthought. A repeatable, measurable combination of tools, 
processes, and awareness training should be introduced in all 
development lifecycle phases and mandated to ensure defense-in- 
depth, provide a holistic approach to product resiliency, and 
establish a culture of security awareness. 
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Trusted products are continually monitored by a dedicated, global 
team that manages the receipt, investigation, and public reporting 
of information about product security vulnerabilities. This team 
should provide equal and simultaneous access to security 
vulnerability information. 


© 


Vendors who produce trusted products implement a 
program that continually assesses, monitors, and improves 
the security of the supply chain throughout their entire 
lifecycle. 


© 


The engineering roadmap of trustworthy products is informed 
by the expertise the vendor has gained from defending their 
global enterprise. Product security standards are continually 

reviewed in order to address constantly evolving cyber threats. 


2] Verifiable O 


Product 


At boot-up, a trusted product performs an 
automated check of software integrity that is 
anchored in hardware, ensuring that only genuine, 
unmotified software boots on that platform. 
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A product that is trustworthy utilizes 
digitally-signed software that ensures 
that it came from a trusted source. 


Integrity 


in non-volatile memory. 
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A trusted product generates certifiable 
entropy for random number generation. 


Products that are trustworthy meet rigorous 
global certifications and standards requirements. 


Is Cisco a trusted partner? You decide. 


Trustworthy products provide secure key 
storage that is anchored in hardware, allowing 
customers to store sensitive data encrypted 


